Malcolm: Prevent Trojan Source attacks with GCC 12
Wednesday 12 January 2022, 16:30, by LWN.net
David Malcolm describes some GCC improvements to defend against bidirectional-text attacks in source code.

"My colleague Marek Polacek and I implemented a new warning for GCC 12, -Wbidi-chars, for detecting Trojan Source attacks involving Unicode control characters. Marek implemented the guts of the warning, but when I tried it out on the examples provided by the Trojan Source researchers, I found I had trouble understanding the initial results—precisely because of the obfuscation itself. So for GCC 12, I've added a new flag to GCC diagnostics, indicating that the diagnostic itself relates to source code encoding. When any such diagnostic is printed, GCC will now escape non-ASCII characters in the source code."
https://lwn.net/Articles/881145/rss
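
As an added illustration (not code from GCC or from the article), the Python sketch below shows one way to check source text for the problem described above: it reports bidirectional control characters left unterminated at the end of a line and returns the line with non-ASCII characters escaped so the report itself cannot be reordered. The per-line scope, the function names and the `<U+XXXX>` notation are assumptions of this example, and the sample input is constructed.

```python
# Added example: flag unterminated bidirectional control characters per line
# and show the offending line with non-ASCII characters escaped.
OPEN_EMBED = {"\u202a", "\u202b", "\u202d", "\u202e"}   # LRE, RLE, LRO, RLO
OPEN_ISOLATE = {"\u2066", "\u2067", "\u2068"}           # LRI, RLI, FSI
PDF, PDI = "\u202c", "\u2069"                           # matching terminators


def escape_non_ascii(line):
    """Render every non-ASCII character as <U+XXXX> so it cannot reorder text."""
    return "".join(c if ord(c) < 128 else f"<U+{ord(c):04X}>" for c in line)


def unpaired_controls(line):
    """Return the code points of bidi openers still open at end of line."""
    stack = []
    for ch in line:
        if ch in OPEN_EMBED or ch in OPEN_ISOLATE:
            stack.append(ch)
        elif ch == PDF and stack and stack[-1] in OPEN_EMBED:
            stack.pop()
        elif ch == PDI and any(c in OPEN_ISOLATE for c in stack):
            # PDI closes the nearest isolate and any embeddings opened inside it
            while stack.pop() not in OPEN_ISOLATE:
                pass
    return [f"U+{ord(c):04X}" for c in stack]


def scan_source(text):
    """Return (line_number, open_controls, escaped_line) for each flagged line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        still_open = unpaired_controls(line)
        if still_open:
            findings.append((number, still_open, escape_non_ascii(line)))
    return findings


# Constructed sample: line 2 opens an override and an isolate and closes neither;
# line 3 wraps right-to-left text in a properly terminated isolate.
SAMPLE = (
    "int main(void) {\n"
    "    /* note \u202e \u2066 */ return 0;\n"
    "    puts(\"\u2067\u05e9\u05dc\u05d5\u05dd\u2069\");\n"
    "}\n"
)

if __name__ == "__main__":
    for number, controls, escaped in scan_source(SAMPLE):
        print(f"line {number}: unpaired {', '.join(controls)}\n    {escaped}")
```

Only line 2 of the sample is reported; the terminated isolate on line 3 passes, which keeps legitimate right-to-left string content from being flagged.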